/*
** tls.h -- TLS functions.
** Copyright (C) 2000 Kenichi Okada <okada@opaopa.org>.
**
** Author: Kenichi Okada <okada@opaopa.org>
** Created: 2000-02-22
**
** Declarations for the server-side TLS layer built on OpenSSL.  The whole
** body of this header is guarded by HAVE_OPENSSL: without it, the header
** declares nothing.  Types used below but not defined here (bool, ssize_t,
** struct iovec, struct vector) are not pulled in by this header either, so
** the including file must make them visible first -- presumably through the
** project's usual portability headers; confirm against the includers.
*/

#ifndef TLS_H
#define TLS_H 1

#ifdef HAVE_OPENSSL

/* OpenSSL uses _Noreturn when C11 features are recognized.  The C99/C11
 * compatibility warning is silenced only around <openssl/lhash.h> and then
 * turned back on.  NOTE(review): the second pragma sets the diagnostic to
 * "warning" unconditionally rather than restoring whatever state the
 * translation unit had before (e.g. -Werror or -Wno-...); a
 * push/pop pair would preserve it. */
# if __GNUC__ > 4
#  pragma GCC diagnostic ignored "-Wc99-c11-compat"
# endif
# include <openssl/lhash.h>
# if __GNUC__ > 4
#  pragma GCC diagnostic warning "-Wc99-c11-compat"
# endif
# include <openssl/bn.h>
# include <openssl/dh.h>
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/rand.h>
# include <openssl/ssl.h>
# include <openssl/x509.h>

/* Elliptic-curve support is only compiled in when the OpenSSL headers
 * advertise it: EC must not be disabled in the build and the TLS extension
 * point-format constant must exist.  HAVE_OPENSSL_ECC is the project's own
 * feature macro for the rest of the TLS code to test. */
# if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
#  include <openssl/ec.h>
#  include <openssl/objects.h>
#  define HAVE_OPENSSL_ECC
# endif

/* Protocol support.
 *
 * One distinct bit per protocol version, so the values can be OR'd into a
 * mask.  How the mask is derived from the tls_protocols argument of
 * tls_init_serverengine() and applied to the SSL context is decided in the
 * implementation, not here -- confirm in tls.c.  SSLv2 and SSLv3 are
 * obsolete protocol versions; a flag existing for them says nothing about
 * whether the build can actually negotiate them (that depends on tls.c and
 * on the OpenSSL version being linked). */
# define INN_TLS_SSLv2   1
# define INN_TLS_SSLv3   2
# define INN_TLS_TLSv1   4
# define INN_TLS_TLSv1_1 8
# define INN_TLS_TLSv1_2 16
# define INN_TLS_TLSv1_3 32


/* Shared connection state, defined in the implementation file.  By name:
 * tls_conn is the active OpenSSL connection object, tls_cipher_usebits
 * presumably the key size in bits of the negotiated cipher, and tls_peer_CN
 * presumably the Common Name taken from the peer's certificate (NULL when
 * there is none) -- confirm where tls.c assigns them before relying on
 * these meanings. */
extern SSL *tls_conn;
extern int tls_cipher_usebits;
extern char *tls_peer_CN;

/* Init TLS engine.
 *
 * Builds the server-side SSL context from the given material and policy:
 *   verifydepth            - depth to verify (maximum certificate chain
 *                            length accepted during peer verification)
 *   askcert                - 1 = ask the client for a certificate
 *   requirecert            - 1 = presumably also reject a client that does
 *                            not present a valid certificate -- confirm
 *   tls_CAfile, tls_CApath - trust anchors for peer verification
 *   tls_cert_file          - server certificate
 *   tls_key_file           - server private key
 *   prefer_server_ciphers  - honour the server's cipher order, not the
 *                            client's
 *   tls_compression        - enable TLS-level compression
 *   tls_protocols          - protocol versions to allow (see the INN_TLS_*
 *                            flags above)
 *   tls_ciphers            - cipher list for TLS 1.2 and below
 *   tls_ciphers13          - cipher suites for TLS 1.3
 *   tls_ec_curve           - elliptic curve to use for ECDHE
 * Returns an int status; the success/failure convention is not visible
 * from this header -- see tls.c. */
int tls_init_serverengine(int verifydepth,  /* Depth to verify. */
                          int askcert,      /* 1 = Verify client. */
                          int requirecert,  /* 1 = Another client verify? */
                          char *tls_CAfile, char *tls_CApath,
                          char *tls_cert_file, char *tls_key_file,
                          bool prefer_server_ciphers, bool tls_compression,
                          struct vector *tls_protocols, char *tls_ciphers,
                          char *tls_ciphers13, char *tls_ec_curve);

/* Init TLS.  Returns an int status (convention in tls.c). */
int tls_init(void);

/* Start TLS negotiation on an already-open connection, reading from readfd
 * and writing to writefd.  Returns an int status (convention in tls.c). */
int tls_start_servertls(int readfd, int writefd);

/* writev(2)-style gather write over an SSL connection: writes the `count`
 * buffers described by `vector` to `ssl`.  Declared by this project rather
 * than by OpenSSL, despite the SSL_ prefix -- confirm if in doubt.  The
 * return convention (total bytes written vs. error) follows tls.c. */
ssize_t SSL_writev(SSL *ssl, const struct iovec *vector, int count);

#endif /* HAVE_OPENSSL */

#endif /* TLS_H */